Volume 2, Issue 1 ISSN - 2218-6638 International Journal for Advances in Computer Science March 2011
© IJACS 2010 - All rights reserved 21
The remainder of this paper is organized as follows: Section 2 discusses related inventions and innovations.
Section 3 introduces the proposed scheme in which we also discuss the guidelines of building the virtual
environment and its possible applications. Section 4 discusses the security analysis including possible attacks
and countermeasures. Section 5 presents the experimental conditions. Finally, in Section 6, we conclude and discuss
the future work.
2. Related inventions and innovations
Graphical passwords, which were introduced by Blonder, brought a new revolution in authentication systems [11]
[12] [13]. They include both recall and recognition methodologies, e.g. Pass-faces, pass-point and DAS.
Although graphical passwords could produce a longer password size, they suffered from the shoulder surfing attack.
Pass-faces is a recognition method in which the user selects an image from a set of
images projected on the screen. For this authentication system to work, the user must first specify a set of
graphical images of his choice to the authentication system through a secure channel.
The pass-point method is a recall method where the user needs to select different points on a picture that represent
his password [14]. The DAS (Draw a sketch) method also falls in this category; here the user needs to draw his
login sketch on a 5x5, 10x10 or 25x25 grid. The login involves identifying the lines that pass through the
different grids present on the screen.
Although biometric authentication systems became popular after a short start, people are still afraid of using them
because they involve recording the user’s physical aspects, which poses a threat to his privacy. In addition, some users
resist the idea of a low intensity infrared light or any other kind of light directed at their eyes, such as in retina
recognition systems. Moreover, biometrics cannot be revoked, which leads to a dilemma in case the user’s data
have been forged. Unlike other authentication schemes where the user can alter his password at times of threat to
privacy [15] [16], a user’s biometrics cannot be revoked.
Many authentication systems are based on tangible objects and are referred to as token-based systems. Many token-
based systems are vulnerable to theft and loss [1] [5]; therefore, most token-based systems require a personal
identification number followed by a textual password for authentication e.g. a debit or a credit card.
Our scheme makes efficient use of all the mechanisms discussed above; it is small in size and an
optimal solution.
3. The proposed scheme
This scheme is proposed keeping in mind the requirement to overcome the disadvantages of all the previous schemes
and is outlined as follows:
i. The system should be smaller in size. As the utilization of the users on the Internet is higher,
the requirement of the scheme also increases.
ii. The newly proposed scheme should be easy to use.
iii. It should produce a higher password size compared to the previous schemes.
iv. Passwords provided by the scheme should be easy to remember.
v. It should consist of passwords that are not easy to write down.
vi. Users should have the freedom of selecting their passwords [14].
vii. The newly proposed system should provide a method for changing passwords.
Hence, keeping in mind all the above requirements, the proposed system was designed.
A. The proposed system
The system consists of merging different authentication schemes together. The system presents a simple virtual
environment containing various items. The user goes through this environment and changes the state of the
items [10]. The system simply combines the sequence of user interactions that occur in the virtual environment
which is depicted in Figure 1. The system can combine recognition-, recall-, token-, and
biometrics-based systems into one authentication scheme. This can be done by designing a virtual environment that
contains items that request information to be recalled, information to be recognized, tokens to be presented, and
biometrical data to be verified. For example, the user can change the state of a window or
a door in the virtual environment by simply clicking on it, then switch on a light bulb and finally click on login.
The combination and the sequence of these actions construct the user’s password; the action sequence is recorded
by an invisible background process, as in Figure 1. Items can be any object that we encounter in real life. Any
obvious state changes and interactions toward real-life objects can be performed in the virtual environment toward the
items, which may include:
i. Opening/closing windows or doors.
ii. Typing a textual password on a virtual keyboard.
iii. Switching on/off the lights.
iv. Performing biometrics by selecting a virtual item in the environment.
v. Identifying a graphical password.
vi. Providing a token for identification e.g. RF-ID on selecting an item.
vii. Writing on a paper present in the virtual environment.
viii. Moving an item.
ix. Any other authentication scheme which is to be developed in the future.
The state change performed on one item differs from that performed on a different item, which preserves the unique
changes made to each item for the later recognition process of the authentication system. Therefore, to generate the
legitimate password, the user must follow the same scenario he performed initially. This means changing the state of
the same items and performing the exact actions in the proper sequence.
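The following added example (not code from the paper) shows one way a server could turn the recorded action sequence into a stored verifier, so that only the same items, the same actions and the same order reproduce the password. The item and action names, the length-prefixed encoding and the use of PBKDF2 are assumptions of this example; it covers only interactions with exact, discrete values, not biometric samples, which require approximate matching.

```python
import hashlib
import hmac
import os
import struct
from typing import List, Tuple

# One interaction = (item, action, value). Names are hypothetical, not from the paper.
Interaction = Tuple[str, str, str]


def encode_sequence(actions: List[Interaction]) -> bytes:
    """Serialize the ordered interactions with 4-byte length prefixes, so
    field boundaries are unambiguous and the order is part of the encoding."""
    out = bytearray(struct.pack(">I", len(actions)))
    for fields in actions:
        for field in fields:
            raw = field.encode("utf-8")
            out += struct.pack(">I", len(raw)) + raw
    return bytes(out)


def _derive(salt: bytes, actions: List[Interaction]) -> bytes:
    # PBKDF2-HMAC-SHA256 is a stand-in KDF for this example; the paper names none.
    return hashlib.pbkdf2_hmac("sha256", encode_sequence(actions), salt, 100_000)


def enroll(actions: List[Interaction]) -> Tuple[bytes, bytes]:
    """Return (salt, verifier). Only these are stored, never the raw sequence."""
    salt = os.urandom(16)
    return salt, _derive(salt, actions)


def verify(salt: bytes, verifier: bytes, attempt: List[Interaction]) -> bool:
    """Re-derive from the attempted sequence and compare in constant time."""
    return hmac.compare_digest(_derive(salt, attempt), verifier)


# Constructed sample: the door / light bulb / login scenario from the text.
ENROLLED: List[Interaction] = [
    ("door", "set_state", "open"),
    ("light_bulb", "set_state", "on"),
    ("login_button", "click", ""),
]
```

Without the length prefixes, two different scenarios could concatenate to the same byte string and be accepted as the same password.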
B. Password selection and inputs